The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities.
Therefore, File Example so is being removed from Examples until a version demonstrating file security best practices can added back in the future.
Any sites that have File Example submodule installed should uninstall it immediately
Then, install the latest version of Examples:
- If you use Examples 3 (Drupal 9-compatible), upgrade to Examples 3.0.2
- If you use the Examples module's 8.x-1.x branch, upgrade to Examples 8.x-1.1
- Alex Pott of the Drupal Security Team
- Valery Lourie
- Samuel Mortenson of the Drupal Security Team
- Jess (xjm) of the Drupal Security Team
- Alex Pott of the Drupal Security Team
- Michael Hess of the Drupal Security Team
- Jess (xjm) of the Drupal Security Team
- Drew Webber of the Drupal Security Team
- Alex Pott of the Drupal Security Team